published-external

The pros and cons of new tech: Science fiction collides with reality

“The pros and cons of new tech: Science fiction collides with reality” by Michael O’Dwyer As Sorin Mustaca, an independent IT security consultant, says, “Adopting new technologies is never a mistake, if done properly.” Assess the pros and cons of new tech There’s rarely a one-size-fits-all solution in technology, and repercussions are never as severe or life-threatening as in pop culture. However, there are repercussions for ill-chosen solutions in terms of business continuity or process interruption. Mustaca advises businesses to consider all the following before adopting new tech: Know what you want. Find and clearly define the planned use of…

Read More

Quoted in ECommerceTimes: Gmail to Warn Users of Unencrypted Email

Gmail to Warn Users of Unencrypted Email Author: Richard Adhikari   Quotes: The warning “will help in cases where hackers try to perform DNS poisoning while trying to infect or phish users visiting well-established websites,” security consultant Sorin Mustaca said.   Going with TLS is not necessarily the answer because “many emails would not reach their destination if the destination servers don’t support TLS,” security consultant Mustaca told the E-Commerce Times. Emails continue to be delivered because of opportunistic encryption. “Servers first try to establish a TLS connection and, if they don’t succeed, they continue communicating on unencrypted connections,” he explained.


No Picture

The mysterious OpenSSL vulnerability has been patched

No, it doesn’t have a name like Heartbleed or POODLE, it was “just” a denial-of-service. “Just” is by no means something to be ignored, but it is less dangerous with the previous vulnerabilities. All users of OpenSSL 1.0.2 should upgrade immediately to version 1.0.2a. In the advisory published on their website the OpenSSL vulnerability is called “ClientHello sigalgs DoS (CVE-2015-0291)”. If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension, a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server. According to OpenSSL’s Security Policy, a “high…


No Picture

OpenSSL: Patch for secret “high severity” vulnerability

After Heartbleed, Poodle and FREAK which turned the IT world upside down, numerous companies have asked to have a though review of the most used SSL implementation in the world: OpenSSL. And indeed, in order to avoid being again in the news, the OpenSSL Foundation is set to release later this week several patches for OpenSSL, fixing undisclosed security vulnerabilities, including one that has been rated “high” severity. Matt Caswell of the OpenSSL Project Team announced that OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r, and 0.9.8zf will be released Thursday. “These releases will be made available on 19th March,” Caswell wrote. “They…


No Picture

“Ze Foreign Accent” spam is back

Twelve years ago the IT security world was fighting against an unprecedented amount of spam emails. Spam is not and never was just a nuisance; it is a big problem because it slows down the good emails and takes up resources. Together with Virus Bulletin and some antispam researchers from various companies, a list called “The Spammer Compendium” was created.  This list contains methods used by spammers to trick spam filters and to have their emails delivered to the end users. One of the methods listed there is called “Ze Foreign Accent” spam or(BWO!Accent!Plain). The main characteristic of this method is…


No Picture

Protect individuals and their devices within an organisation, not just their desktops

The classic approach to secure a company is to secure its assets against all attack vectors: laptops, workstations, servers, storage entities and programmes. The standard attack methods are usually: infections through files carried on USB sticks, memory cards, mobile hard drives, downloaded files network attacks (spoofing, DOS) vulnerabilities that get exploited in common software   In recent years, it is no longer enough to just protect these assets. Whilst it remains mandatory to continue to protect them, we have seen that the most vulnerable elements in the enterprise are actually the employees. They are attacked using: drive-by downloads in order…


No Picture

Three key security threats seen during 2013 – and how to protect against them

Originally published here: http://grahamcluley.com/2013/12/three-key-security-threats/ 1. Security breaches and hacks   2013 was the year that major security breaches and hacks really took hold. Millions of credentials were stolen from the likes of Twitter, Tumblr,Yahoo, Adobe and many others. Whenever data breaches like this occur, targeted attacks against the users of such wesbites can quickly follow. The targeted attacks usually consist of URLs to phishing websites or malware delivered to users’ email inboxes, so it’s imperative that end-users and corporate IT teams keep a close look out for what might be attempting to attack. Having the username and same password for all online accounts introduces significant…


By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close